Security News

'Have I Been Pwned' Code Base Going Open Source
2020-08-10 18:15

Troy Hunt, the security expert who handles the breach notification website Have I Been Pwned, announced late last week that he is ready to make the code behind the site available in open source. Hunt now says that the time has come for the project to evolve into open source, especially given the fact that community contributions to Have I Been Pwned have increased significantly recently.

Facebook open-sources a static analyzer for Python code
2020-08-10 12:16

Need a tool to check your Python-based applications for security issues? Facebook has open-sourced Pysa, a tool that looks at how data flows through the code and helps developers prevent data flowing into places it shouldn't. "Pysa tracks flows of data through a program. The user defines sources as well as sinks," Facebook security engineer Graham Bleaney and software engineer Sinan Cepel explained.

Have I Been Pwned Set to Go Open-Source
2020-08-07 19:16

Fully opening the door to allow people to contribute to - and notably, tinker with - the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt. Since an appropriate buyer didn't turn up, the next plan is to open up the service's code base.

Open source tool Infection Monkey allows security pros to test their network like never before
2020-08-07 04:30

Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework. Infection Monkey is a self-propagating testing tool that hundreds of information technology teams from across the world use to test network adherence to the zero trust framework, and find weaknesses in their on-premises and cloud-based data centers.

Black Hat 2020: Open-Source AI to Spur Wave of ‘Synthetic Media’ Attacks
2020-08-05 20:07

At a Wednesday session at Black Hat USA 2020, researchers with FireEye demonstrated how freely available, open-source tools - which offer pre-trained natural language processing, computer vision, and speech recognition tools - can be used to create malicious synthetic media. Social media companies often do not require high bars of credibility, and offer a platform for content to go viral, allowing anyone to create fake media that is believable.

PE Tree: Free open source tool for reverse-engineering PE files
2020-08-04 10:16

PE Tree, a malware reverse-engineering, open source tool developed by the BlackBerry Research and Intelligence team, has been made available for free to the cybersecurity community. PE Tree allows malware analysts to view Portable Executable files in a tree-view using pefile - a multi-platform Python module that parses and works with PE files - and PyQt5, a module that can be used to create graphical user interfaces.

BlackBerry Releases Open Source Reverse Engineering Tool
2020-08-03 17:52

BlackBerry on Monday announced a new open source tool to help security teams reverse engineer malware. Called PE Tree, BlackBerry said the free tool was initially developed for internal use, but the company has now released it as an additional tool for reverse engineers to have in their arsenal.

The Linux Foundation announces collective to enhance open source software security
2020-08-03 17:48

The newly formed Open Source Security Foundation includes titans in technology such as Google, Intel, Microsoft, IBM, and more. Today, the creation of the Open Source Security Foundation.

Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns
2020-08-03 15:44

The OpenSSF is a consolidation of several pre-existing efforts in the same space and intends to bring the Open Source Security Coalition and the Core Infrastructure Initiative under one roof. The CII is an existing Linux Foundation project that has wide support, including from AWS, Facebook, Huawei, Cisco, Intel, Qualcomm, and VMware, as well as most of the OpenSSF founder members mentioned above.

New Open Source Security Foundation wants to improve open source software security
2020-08-03 15:16

The Linux Foundation announced the formation of the Open Source Security Foundation, a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community with targeted initiatives and best practices. It combines efforts from the Core Infrastructure Initiative, GitHub's Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others.